Hackers distribute banking malware through Buffalo site in Japan

Customers of storage and networking equipment manufacturer Buffalo who downloaded certain files from the company's website in Japan last week might have had their computers infected with an online banking Trojan.

In a security notice published Monday, Buffalo warned customers that someone had tampered with 10 files offered for download from its site between 6:16 a.m. and 1 p.m. on May 27.

The malicious files placed by attackers on the Buffalo website were downloaded 856 times from 540 unique IP addresses, the Symantec researchers said Monday in a blog post. This incident highlights that attackers don't necessarily need to exploit vulnerabilities in order to infect users visiting compromised websites, they said.

Buffalo is still investigating how hackers managed to replace the legitimate files on its site with malicious versions and apologized to customers for the incident.

The company is not the first hardware manufacturer to have its site used for malware attacks against customers. In 2009, security researchers from Trend Micro found that device drivers distributed by gaming peripheral manufacturer Razer through its support site contained malware.

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.